I am writing my thesis and I have to analyze Let’s Encrypt. I am searching for some lack of security or some possible attacks against Let’s Encrypt. For now, I have the possibility for an attacker to set up a well looking phishing site with a valid certificate. Users often trust the green padlock more than the URL. Another attack is offered by DNS-Spoofing. Because of domain validation it is possible for attackers to manipulate the DNS and so accomplish the challenges of the Let’s Encrypt server.
Are these problems correct? Are there other possible attacks against the Let’s Encrypt infrastructure or the process of issuing a certificate?

For now, I have the possibility for an attacker to set up a well looking phishing site with a valid certificate. Users often trust the green padlock more than the URL.

This doesn’t specifically relate to Let’s Encrypt - you could do this with any certificate authority that issued Domain Validated (DV) certs in an automated fashion (most do). “Trusting the green padlock” more than the URL stems from a misunderstanding about what a DV cert from a CA really attests. I don’t think it’s fair to characterize that as an attack specific to Let’s Encrypt (or an attack at all!).

Wuuuz:

Another attack is offered by DNS-Spoofing. Because of domain validation it is possible for attackers to manipulate the DNS and so accomplish the challenges of the Let’s Encrypt server.

This is correct, but again is more a fault of domain validation than Let’s Encrypt in particular. You’ll find that DV methods possible with both Let’s Encrypt and other CAs that issue DV certs can be subverted by DNS poisoning or BGP hijacking.